SQUIP, sabon harin da ke shafar masu sarrafa AMD kuma yana haifar da zubar da bayanai

Darkcrizt

4 minti

rukuni na iMasu bincike daga Jami'ar Fasaha ta Graz (Ostiraliya), wacce aka sani da ita don haɓaka hare-haren MDS, NetSpecter, Throwhammer da ZombieLoad, ya bayyana wani sabon hari tashar tashar (CVE-2021-46778) a cikin jerin tsararrun masu sarrafa kayan aikin AMD da aka yi amfani da su don tsara aiwatar da umarni a cikin sassan aiwatarwa daban-daban na CPU.

Harin, da ake kira SQUIP, yana ba da damar ƙayyade bayanan da aka yi amfani da su a cikin ƙididdiga a cikin wani tsari ko na'ura mai kama-da-wane ko tsara hanyar sadarwa ta ɓoye tsakanin matakai ko na'urori masu kama da juna waɗanda ke ba da damar musayar bayanai ba tare da bin hanyoyin sarrafa damar tsarin ba.

da AMD CPUs dangane da 1st, 2nd da 3rd Zen microarchitectures tsara (AMD Ryzen 2000-5000, AMD Ryzen Threadripper, AMD Athlon 3000, AMD EPYC) An shafa lokacin da ake amfani da fasahar Multithreading na lokaci ɗaya (SMT).

CPUs na zamani suna amfani da ƙirar superscalar, inda ake aiwatar da umarni da yawa lokaci guda don haɓaka aiki. Waɗannan CPUs suna aiwatar da umarnin a cikin bututu ta matakai da yawa: (1) ɗauko, (2) yanke hukunci, (3) shirin/ aiwatarwa, da (4) ɗauko.

Harin ya ta'allaka ne akan kimanta matakin faruwar jayayya (matakin jayayya) a cikin layukan tsarawa daban-daban kuma ana yin su ta hanyar auna jinkiri lokacin fara ayyukan duba da aka yi a cikin wani zaren SMT akan CPU na zahiri. Don nazarin abubuwan da ke ciki, an yi amfani da hanyar Prime + Probe, wanda ya haɗa da cika jerin gwano tare da saitin ƙididdiga masu ƙima da ƙididdige canje-canje ta hanyar auna lokacin isa gare su a lokacin sake kunnawa.

Shirin/matakin aiwatarwa na iya aiwatar da umarni don haɓaka daidaiton matakin koyarwa. Muna bayyana kowane ɗayan waɗannan matakan a taƙaice:

-Bincika. CPU yana neman umarni na gaba don aiwatarwa daga cache L1i. 
-Decode. Don ba da damar aiwatar da ingantacciyar kisa, umarnin da aka samu (ayyukan macro) ana ƙididdige su zuwa ɗaya ko fiye mafi sauƙi microoperations (µops) kuma a sanya su cikin layin µop. Ana ciyar da waɗannan µops zuwa bayan baya, inda ake tsara su da aiwatar da su.
- Jadawalin / Gudu. Masu tsara jadawalin (s) suna lura da waɗanne µops ke shirye don aiwatarwa (suna da abubuwan da ake buƙata) kuma suna tsara su cikin ƙarfi (ba tare da tsari ba) zuwa rukunin aiwatarwa. A CPU core yana da mahara kisa raka'a kuma zai iya samun mahara lissafi da dabaru raka'a (ALUs), reshe kisa raka'a (BRUs), adireshin tsara raka'a (AGUs).

Yayin gwajin, masu bincike sun sami damar sake ƙirƙirar maɓallin RSA mai zaman kansa 4096-bit gaba ɗaya da aka yi amfani da shi don ƙirƙirar sa hannu na dijital ta amfani da ɗakin karatu na sirri na mbedTLS 3.0, wanda ke amfani da Montgomery algorithm don ɗaga lamba zuwa ma'aunin iko. Ana buƙatar alamun 50.500 don tantance maɓalli.

Jimlar lokacin harin ya ɗauki mintuna 38. Bambance-bambancen harin da ke ba da ɗigowa tsakanin matakai daban-daban da injunan kama-da-wane da ke ƙarƙashin KVM hypervisor ana nuna su. An kuma nuna cewa za a iya amfani da hanyar don tsara musayar bayanan sirri tsakanin injunan kama-da-wane a kan ƙimar 0,89 Mbit/s da tsakanin matakai a kan ƙimar 2,70 Mbit/s tare da kuskuren kasa da 0,8, XNUMX%.

An raba ainihin CPU zuwa maɓalli masu ma'ana, ko zaren, aiwatar da rafukan koyarwa masu zaman kansu amma raba albarkatu kamar cache na L1i. µops na waɗannan zaren kuma suna raba raka'o'in aiwatarwa da ƙarfi don ba da damar amfani mai girma gabaɗaya. Rarraba sassa daban-daban na kwaya.
Ana yin ta ta hanyar musayar gasa. AMD Zen gine-gine yana ba da damar zaren guda biyu
ta asali. Wadannan zaren na iya kasancewa daga tsarin guda ɗaya ko kuma daga shirye-shirye daban-daban, kamar yadda tsarin aiki ke sarrafa su.

Na'urorin sarrafa Intel ba su da saukin kamuwa kai hari saboda suna amfani da jerin gwano guda ɗaya, yayin da masu sarrafa AMD masu rauni ke amfani da layukan daban-daban ga kowane rukunin aiwatarwa.

A matsayin mafita don toshe kwararar bayanai, AMD shawarar cewa masu haɓakawa yi amfani da algorithms waɗanda koyaushe suke yin lissafin lissafi a koyaushe, ba tare da la'akari da yanayin sarrafa bayanan ba, sannan kuma yana hana cokali mai yatsa bisa bayanan sirri.

A ƙarshe, idan kuna sha'awar samun damar ƙarin sani game da shi, kuna iya tuntuɓar cikakkun bayanai a cikin link mai zuwa.


Bar tsokaci

Your email address ba za a buga. Bukata filayen suna alama da *

*

*

  1. Wanda ke da alhakin bayanan: Miguel Ángel Gatón
  2. Manufar bayanan: Sarrafa SPAM, sarrafa sharhi.
  3. Halacci: Yarda da yarda
  4. Sadarwar bayanan: Ba za a sanar da wasu bayanan ga wasu kamfanoni ba sai ta hanyar wajibcin doka.
  5. Ajiye bayanai: Bayanin yanar gizo wanda Occentus Networks (EU) suka dauki nauyi
  6. Hakkoki: A kowane lokaci zaka iyakance, dawo da share bayanan ka.